pam_ldap authentication

	Think I may have a problem with either pam_ldap configuration or
ACLs.  When I try to log in from a RedHat Linux 7.1 system it will say the
user doesn't exist.  Running openldap in ACL debug mode (-d 128) shows
that the linux system is trying to do a search of posixAccount instead of
trying an auth vs. the password.  Since the linux client hasn't bound yet
it's doing this as anonymous.  If I give search access to anonymous it
will still fail.  This time it first searches the account object then
reads all its fields, again as anonymous.  If I give read access to
anonymous then it searches the object, reads it, then asks for the password on
the client and tries to bind as the user.

	I can get around it by using the ldap.secret and specifying a
non-anonymous user as the default dn in ldap.conf, but is this the way it's
supposed to work?  Either specify a user in the ldap.conf file or give
read access by *?  And if not, what are the minimum ACLs needed by
pam_ldap?  Sorry if this is more suited to a list at padl; figured someone
here would have covered configuration of pam_ldap with openldap before.